Vulnerabilities > Pydio > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2013-4267 | OS Command Injection vulnerability in Pydio Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). | 9.8 |
| 2019-06-05 | CVE-2019-9642 | Unrestricted Upload of File with Dangerous Type vulnerability in Pydio An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. | 9.8 |
| 2019-01-15 | CVE-2018-20718 | Deserialization of Untrusted Data vulnerability in Pydio In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. | 9.8 |
| 2017-09-19 | CVE-2015-3431 | OS Command Injection vulnerability in Pydio Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | 9.8 |